CHANGES

                                  _   _ ____  _     
                              ___| | | |  _ \| |    
                             / __| | | | |_) | |    
                            | (__| |_| |  _ <| |___ 
                             \___|\___/|_| \_\_____|

                                  Changelog

Daniel (25 June)
- More NTLM-improvements. Less code. Smaller packets back and forth.

Daniel (23 June)
- Eric Glass provided us with a better doc on NTLM details, and I added more
  comments and clarified the current code more. Using the new knowledge, we
  should be able to make the NTLM stuff work even better.
  Eric's original URL: http://davenport.sourceforge.net/ntlm.html
  Version stored and provided at curl site: http://curl.haxx.se/rfc/ntlm.html

- Fixed the minor compile problems pre3 had if built without GSSAPI and/or
  SSL.

Version 7.10.6-pre3 (19 June 2003)

Daniel (19 June)
- Made curl use curl_free() on memory returned by curl_getenv(), as this
  should theoreticly make it possibly to build and run curl and libcurl with
  different memory allocation schemes with no problems.

Daniel (18 June)
- Improved the mkhelp.pl a bit further to make a nicer hugehelp text and to
  include a better comment in the top for the gzip compressed version.

Daniel (17 June)
- CURLOPT_HTTPAUTH is now a bitmask, in which you set which authentication
  type(s) you want to use. If more than one is set, libcurl will use one of
  the selected one and the one it considers is more secure. Test case 67 and
  68 (for NTLM) were fixed and we've reduced a round-trip for specific --ntlm
  featches, and test case 69 and 70 were added for testing authentication
  "picking". --anyauth is the new command line tool option, and I also added
  --basic for completeness (that's the default type).

- Fixed the runtests.pl script to use the info provided by the new curl -V
  output.

- --enable-debug now sets the CURLDEBUG define instead of MALLOCDEBUG, as it
  is meant to be a generic debug conditional.

- curl_version_info() can now return CURL_VERSION_DEBUG as a feature bit, to
  indicate that the library was built with CURLDEBUG set.

- Ralph Mitchell found out that some web applications very badly uses white
  spaces in Location: redirects, and apparently IE is a browser (the only
  one?) that supports this abomination. Based on Ralph's patch, I added code
  that now attempts to replace white spaces with the proper "%20" or "+".
  Test case 40 and 42 were added to verify my changes.

- curl -V now also outputs a list of features the available library offers (if
  any).

- The curl_version() string now includes "GSS" if libcurl is built with GSSAPI
  support.

- David Orrell reported that libcurl still crashed when sending HUGE requests
  over HTTPS... I fixed.

Version 7.10.6-pre2 (16 June 2003)

Daniel (16 June)
- curl_version_info() now returns bitmasked information weather NTLM and
  GSSNEGOTIATE are supported, since it is doomed to vary on different
  installatiions.

- I remade the HTTP Digest code to use the MD5-code provided by OpenSSL if
  that is present, and only use our own MD5-code if it isn't.
  
Daniel (13 June)
- More NTLM help, fixes and patches from Cris Bailiff.

- Marty Kuhrt brought include fixes for making VMS builds warning-free.

Daniel (12 June)
- NTLM authentication works somewhat against the test servers provided by
  Mathias Axelsson and Cris Bailiff. Use by setting CURLOPT_HTTPAUTH to
  CURLAUTH_NTLM to libcurl, or --ntlm for the curl tool. Test case 67 and 68
  were added for this. NTLM-support requires OpenSSL.

- Dan Fandrich provided a patch, that granted that gzip and libz are available
  at build-time, compresses the hugehelp text in the curl command line and
  uncompresses it at request. Saves some ~60K in the final output executable.

Daniel (11 June)
- Long day of fighting the NTLM demons.

Daniel (10 June)
- Modified how to set auth type to libcurl. Now use CURLOPT_HTTPAUTH instead,
  and pick method. Supported ones currently are:
  CURLAUTH_BASIC     - default selection
  CURLAUTH_DIGEST    - formerly CURLOPT_HTTPDIGEST
  CURLAUTH_GSSNEGOTIATE

- Daniel Kouril added HTTP GSS-Negotiate authentication support, as defined in
  the IETF draft draft-brezak-spnego-http-04.txt. In use already by various
  Microsoft web applications. --negotiate is the new family member. To take
  advantage of this, you need one of these packages:

  o Heimdal Kerberos5               http://www.pdc.kth.se/heimdal/heimdal.html
  o GSSAPI from Globus                   http://www.globus.org/
  o GSSAPI libraries from MIT Kerberos5  http://web.mit.edu/kerberos/www/

- A missing ending bracket (']') while doing URL globbing could lead to a
  segfault. While fixing this, I also introduced better error reporting in the
  globbing code. (All this is application code outside libcurl.)

Daniel (6 June)
- David Orrell found out that sending a huge GET request over HTTPS could
  make libcurl fail and return an error code.

Daniel (2 June)
- Richard Bramante found out that "Content-Length: 0" was not properly used by
  libcurl if the response-headers indicated that the connection would be
  closed.

- David Byron's patch was applied, that makes the --progress-bar take the
  local size into account when doing resumed downloads.

- Feedback from Serge Semashko made me change the error message returned when
  CURLE_HTTP_RETURNED_ERROR is returned.

- Anonymous in bug report #745122 pointed out that we should really be using
  SSL_CTX_set_options(... SSL_OP_ALL) to work around flaws in existing SSL
  implementations.

Daniel (27 May)
- Andreas Ley and Rich Gray helped me point out that no version of HP-UX has
  the sys/select.h header file so including it unconditionally in curl/multi.h
  is not a good thing. Now we check for HPUX and avoid using that header on
  such systems.

- Rudy Koento experienced problems with curl's recent habit of POSTing data in
  two separate send() calls, first the headers and then the data. I've now
  made a fix that for static and known content that is less than 100K in size,
  everything is now sent in one single system call again. This is also better
  for network performance reasons.

- I modified the main makefile to not build the test suite and a few other
  unnecessary things by default. Now, the test suite is built when 'make test'
  is run.  This reduces build time for those who don't care for the test
  suite, and it also reduces confusion for people using platforms where the
  test suite build fails!

Daniel (26 May)
- Chris Lewis pointed out a flaw in the #ifdefs in curl/multi.h for Windows,
  which is now corrected.

- Jis Joy found another flaw in the SOCK5 code, as libcurl treated the socks5
  proxy a little too much like as if it was a http proxy.

Daniel (23 May)
- Ricardo Cadime found a socket leak when listing directories without
  contents. Test cases 144 and 145 were added to verify the fix.

- Rudy Koento found yet another problem when a HTTP server returns only a
  single-line of contents without any headers at all. libcurl then failed to
  count the data, thus returning error 52 "no contents". Test case 66 was
  added to verify that we now do right.

Version 7.10.6-pre1 (23 May 2003)

Daniel (23 May)
- Jis in bug report #741841, fixed a bug in the SOCKS5 proxy-using code.

Daniel (22 May)
- David Remahl set up a test-server for me providing Digest authentication,
  and I wrote the first working code that support it. The test suite was
  modified slightly as well to work better for it and --digest was added to
  the command line options (and CURLOPT_HTTPDIGEST to the library)...  RFC2617
  has all the gory details.

Daniel (21 May)
- David Balazic pointed out that curl_unescape() didn't check that %-codes
  were correctly followed by two hexadecimal digits when it unescape strings.
  Now, we do the check and only %XX codes are unescaped if the X letters are
  hexadecimals.

- Gisle Vanem made curl build with djgpp on DOS.

- Gisle Vanem improved the mkhelp.pl script to make a nicer manual that is
  shown with curl -M.

Daniel (20 May)
- Gisle Vanem provided a fix that makes libcurl more conservative, not
  expecting h_aliases of the hostent struct to always be non-NULL.

Daniel (19 May)
- As requested by Martin Michlmayr in Debian bug report #193630, libcurl now
  supports user name and password in the proxy environment variables. Added
  test case 63 to verify this.

Version 7.10.5 (19 May 2003)